Security experts say that soft tokens can be as safe as hardware tokens for generating one-time passwords (OTPs) for extra protection.

Most soft tokens are securely designed with anti-tampering capabilities and their functions are "compartmentalised", said Mr Clement Lee, security software maker Check Point Software Technologies' principal consulting security architect in the region. But users should not be complacent and should have mobile threat protection software installed in their phones, he added.

Soft tokens are more convenient, as they can be installed in smartphones, without requiring another device. This makes them popular, especially with online service providers. Google's Authenticator software, which generates OTPs to better secure users' access to services, was rolled out some six years ago.

As new-generation smartphones come with fingerprint recognition, software tokens can embed the feature as a security measure.

Follow ST

The Straits Times

We have been experiencing some problems with subscriber log-ins and apologise for the inconvenience caused. Until we resolve the issues, subscribers need not log in to access ST Digital articles. But a log-in is still required for our PDFs.